STIGQter: STIG Summary: VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018: STIGQter: STIG Summary: VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:SV-99111r1_rule
V-88461
SRG-OS-000072-GPOS-00040
VROM-SL-000360
CAT II
10
If "difok" was not set at all in "/etc/pam.d/common-password-vmware.local" then run the following command:
# sed -i '/pam_cracklib.so/ s/$/ difok-8/' /etc/pam.d/common-password-vmware.local
If "difok" was set incorrectly, run the following command to set it to "8":
# sed -i '/pam_cracklib.so/ s/difok=./difok=8/' /etc/pam.d/common-password-vmware.local
Check that at least eight characters need to be changed between old and new passwords during a password change by running the following command:
# grep pam_cracklib /etc/pam.d/common-password-vmware.local
The "difok" parameter indicates how many characters must be different. The DoD requires at least eight characters to be different during a password change. This would appear as "difok=8".
If "difok" is not found or not set to at least "8", this is a finding.
Expected Result:
password requisite pam_cracklib.so dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minlen=14 difok=8 retry=3
V-88461
False
VROM-SL-000360
Check that at least eight characters need to be changed between old and new passwords during a password change by running the following command:
# grep pam_cracklib /etc/pam.d/common-password-vmware.local
The "difok" parameter indicates how many characters must be different. The DoD requires at least eight characters to be different during a password change. This would appear as "difok=8".
If "difok" is not found or not set to at least "8", this is a finding.
Expected Result:
password requisite pam_cracklib.so dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minlen=14 difok=8 retry=3
M
3461